The US Department of Justice's announcement yesterday of the takedown of the command and control (C&C) servers for the Coreflood bots (detected by ESET as Win32/AFCore) and seizure of their domains marks another step in the growing awareness that crime, whether it is committed with bullets or with botnets, is still crime. This particular botnet,

As David Harley blogged earlier, the Comptroller of Public Accounts office for the state of Texas yesterday began notifying state employees that the names, addresses, social security numbers and other records of some 3.5 million current or former state employees had been accessible via the Internet. Unlike the earlier Epsilon Data Management data breach, it seems

Plenty more (potential) phish in the C:: The consequences of the Epsilon breach may have been a little overstated, but the Texas data exposures are far from trivial. Every picture tells a story: Your smartphone might be giving away more information than you really want to share. David Harley CITP FBCS CISSP ESET Senior Research

I'll see your Epsilon mail addresses and raise you 3 1/2 million Texans' personal records. While the Epsilon leak got an excessive amount of media attention, given its limited potential for phishing (let alone spear phishing), it seems bizarre that there hasn't been much more attention paid to the exposure of all those employment/retirement records exposed for,